Two-Factor Authentication & How to Enable on SSH


If you have ever managed a Linux server, chances are you logged into it with Secure Shell (SSH). SSH is a vital service for managing hosts remotely. You can secure it with strong passwords and brute-force prevention. SSH can also use public/private keys to log in without a password. Keys are a convenient and secure way of connecting to an SSH server. Two-factor adds to that security. Personally, I use keys to log in to my server, but when I'm not using keys it passes over to password & a time-based code.

A Quick Introduction to Two-Factor Authentication

Two-factor authentication provides an additional means of identifying a user when logging into a service. It is becoming evident that just a username & password is not enough.

Two-factor is generally a password and a time-dependent code. There are others, like push messages, phone calls, asymmetric keys+push (Twitter),

Two-factor is gaining popularity among web services. A few years ago you had to acquire a dongle that generated a time-based code. Now with smartphones, there are free apps to accomplish this.

Depending on the security settings, some services require you to type in a code every time you try to log in, or only when logging in from a new device.

Two-factor is not an end-all solution to security. You should still use strong passwords. Two-factor does leave room for man-in-the-middle or man-in-the-browser attacks. Also, your phone could be compromised and your two-factor could be hijacked.
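
To make the "time-based code" concrete, here is an added example (not code from the original post) of how such a code is derived and checked on the server, assuming the common RFC 6238 TOTP scheme with HMAC-SHA1. The names `totp`, `TotpVerifier` and `drift_steps` are hypothetical, and the secret is the published RFC 6238 test key, not a real one. The verifier refuses a time step it has already accepted, which narrows the window in which an intercepted code is useful.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key ("12345678901234567890") in Base32; sample value only.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238: HOTP (RFC 4226) computed over the number of elapsed time steps."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Server-side check: tolerate small clock drift, accept each time step once."""

    def __init__(self, secret_b32, step=30, digits=6, drift_steps=1):
        self.secret = secret_b32
        self.step = step
        self.digits = digits
        self.drift_steps = drift_steps
        self.last_used = -1  # highest time step already accepted

    def verify(self, code, unix_time):
        # Reject malformed input before any comparison.
        if len(code) != self.digits or not (code.isascii() and code.isdigit()):
            return False
        now = int(unix_time) // self.step
        for counter in range(now - self.drift_steps, now + self.drift_steps + 1):
            if counter <= self.last_used:
                continue  # this step (or a later one) was already used: no replay
            expected = totp(self.secret, counter * self.step, self.step, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_used = counter
                return True
        return False

if __name__ == "__main__":
    v = TotpVerifier(SECRET)
    code = totp(SECRET, 1111111109)
    print(code, v.verify(code, 1111111109), v.verify(code, 1111111109))
```

The one-time-use check does not stop a real-time man-in-the-middle that relays the code before the user's own login completes; it only prevents the same code from being accepted a second time.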